See also Andreas Gal's blog post https://medium.com/@andreasgal/no-one-should-have-to-travel-... , the ACLU's press release https://www.aclunc.org/news/aclu-files-complaint-department-... , and the ACLU's formal complaint https://www.aclunc.org/docs/ACLU-NC_2019-03-28_Letter_re._El... .
Non-citizens are in a totally different boat. You can be denied entry for any reason whatsoever. Tread carefully....
It seems to be mostly a Five Eyes thing.
Astonishing is the word.
Because of this, it's likely that the world will likely spiral to worse and worse treatment of everyone. As the saying goes, an eye for an eye and soon the whole world is blind.
If he went all the way up to the supreme court instead of taking the plea deal, the story might have gone the other way.
Well if CBSA continues with this practice I hope it ends up with a lawsuit and gets shut down by the supreme court.
This was 2005 so they didn't have such a hard-on for electronic devices back then. Seeing as the US has upped its game quite a bit since then, the likelihood of me ever visiting the US is now zero. Sorry my fellow US HN'rs.
And you know it's such a shame because I had a trip to Boston in November 2002, and even with it being only just over a year since 9/11, my passage through customs was friction-less and the staff were delighted that we'd come to visit the US. No fingerprints, no eyeball scanning, no interrogation, just a friendly "business or pleasure, and enjoy your stay".
It's not just 5 countries: https://en.wikipedia.org/wiki/Five_Eyes
But I think if you fly, for example, from New York to Paris and then on to Tunis, you don't have to go through immigration controls in Paris.
Not a bug, working as intended. Entering a country that you aren't a citizen of isn't some inalienable human right, especially if you're a convicted criminal.
Well, yeah, entering the US as a non-citizen is a privilege granted at the discretion of the US federal government. Border control is an essential function of a sovereign state.
>I also find it a bit disturbing how easily you apply law & order in the name of a country that was not involved in deciding the validity of that decision or the circumstances behind it.
It's disturbing to not want criminal elements freely entering your country? If they're a not refugee and they can't follow the law in their country of origin, why should any other country be obligated to let them in?
I'm only a criminal to someone like you.
What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering. People that are well off would/do not have the same legal outcomes, and thus your measurement of law-abiding is not reasonable.
Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?
Canada has a generous welfare system and social safety net that that would likely be unsustainable if it let in sufficient number of people unable to support their own benefits. Even if you hold the view that drug use ought to be a public health matter and not a criminal matter, there's a limited amount of immigration that can be sustained without overburdening these services and why let in a drug user when you can let in a doctor or engineer?
In the case of tourism, it's just about limiting risk of someone overstaying their visa.
I make well into six figures as an engineer and cannot make legitimate business trips to Canada even when the company lawyer has appealed for my entry, complete with compiling a report with ample evidence of merit. It is a naive view to think that entry is merit based when I'm being denied entry based solely on the fact that I was once a teenager that was discovered to be around weed once.
> In the case of tourism, it's just about limiting risk of someone overstaying their visa.
Then why do so many performance artists have to cancel Canadian stops when they are not allowed entry? Are they really scared a platinum artist is going to become a drain on their society? That quite obviously has nothing to do with it.
Assuming by default that somebody would break the law, just because you politically disagree with them, is not justified. As said above, CC holders are among the most law-abiding citizens (this is true in my country too). They're aware of the laws governing their permit and assuming by default that they'd break other countries' laws is preposterous. You don't just forget that you're carrying when you travel abroad or by airplane. And you sure as hell don't do something as idiotic as that, with the accompanying consequences, intentionally.
As far as forgetting that you’re carrying, numerous examples say otherwise. Random data point: the TSA confiscated over 4,000 guns last year, of which I imagine approximately 100% were inadvertently packed by innocent people. Whether it’s intentional is immaterial; Canada doesn’t want guns crossing the border, and they couldn’t care less if you’re doing it by accident.
If the Canadian border authorities are searching your person, such that they are likely to notice something like a concealed carry permit, your border crossing has already gone south.
If your threat model doesn't include physical tampering/rootkits, just wipe your devices pre-travel and set it up when you get where you're going. If it does and you can afford to mitigate that risk, arrange to have cheap new devices at your destination and travel with nothing.
First password accesses clean files, second one accesses dummy [legal!] fetish porn collection ... do border guards hold you to get a third password?
An analogue analogue might be: I have a book full of "random alphanum text", I have two (or more) one-time pads for decryption of portions of the book, I also know the page/line the actual cyphertext starts at. The rest of the text in the book is random quotations encrypted using a selection of further random one-time pads. Can forensics find that there is a "hidden" n+1 plaintext when I give them the n pads and starting points? Seems impossible??
Also, sweating you out in holding is probably more effective than you realize.
If you are in a pinch.
If not you can just sell it (there or at home) and take the loss as a rental fee.
I have a feeling that is an empty set.
Plus, it doesn't matter if it happens as much or more in some backwater third world country.
It's already enough of a problem that among first world countries the US is quite a pain in the ass airport control.
Heck, it's enough of a problem that it feels like a pain in the ass. It wont be less of a problem if per capita e.g. Belgium or Albania are worse...
The government does what the government wants. If you're lucky, later a different part of the government will apologize.
A bill of rights may reduce the odds that those enumerated rights are denied to you, but it cannot prevent it.
So feeling fear when surrounded by 3 armed guards is "unamerican"?
My questions are why were there 3 in the first place, and why were they armed? Surely that kind of "show of force" could only be justified in response to a credible threat?
> Surely that kind of "show of force" could only be justified in response to a credible threat?
Justified, of course not, but have you ever encountered bored cops, or bullies? No matter where you go, there are always corrupt individuals, and unfortunately some of them are in positions of authority.
> It used to take months, weeks, or at least days.
Sure. Many things were different in the past. For example: hysterical and paranoid border patrol personnel didn't use to be the norm.
While it is correct to argue that Supreme Court decisions are "case law", the Supreme Court is the final appellate court in the US -- so the only way to change their decision would be through a constitutional amendment.
So, opposing the second amendment is the only way to effectively oppose the rulings related to it (assuming that's what you want to oppose).
> While it is correct to argue that Supreme Court decisions are "case law", the Supreme Court is the final appellate court in the US -- so the only way to change their decision would be through a constitutional amendment.
The supreme court does change their mind about things, as the Heller decision demonstrates.
Heller was not a change of mind by the supreme court (it ruled on a different matter to previous rulings -- which had explicitly skirted around the problem of civilian ownership of weapons outside of a military context).
However, even if it were a change of mind -- the supreme court changing its rulings is an incredibly rare event because such events question the finality and authority of their decisions.
Hence why I said "the only way to change their decision would be through a constitutional amendment" -- because waiting for the supreme court to change their mind about it (while technically possible and sometimes the case) is hardly a useful policy position for a political argument.
Best to enter the customs zone with the phone powered off, your device's security is likely better in this state, less likely to be circumvented while you surrender it.
Things like mobile boarding passes and the "Mobile Passport" app encourage and train people to hand their devices over to TSA and CBP personnel. In that later case, unlocked and with an app CBP/DHS controls already installed (with a lengthy ToS no one ever reads).
As an aside, on iOS, the airline apps I have used work like the Wallet app and are visible on the lock-screen, the device must be powered on but remains locked when you display your boarding pass, etc.
1. There is no special app you need for mobile boarding passes. It has always been either a PDF or a PNG file emailed to you.
2. I was never asked to hand over my phone to TSA agents at any point. They just ask you to put your phone with the boarding pass QR code displayed over a QR scanner. At no point the phone leaves your hands.
Best to just wipe any device and restore from backup.
CBP do need reasonable suspicion to hold you belongings or do a forensic search of your computer (Cotterman 2013) - they can't just randomly take things on a whim. The longer they hold it, the higher standard required.
For more: https://en.wikipedia.org/wiki/Reasonable_suspicion
A different way to phrase it might be: The officers and the suspects disagree about what a reasonable suspicion might entail. Given the incentives, I don't think this is surprising.
I'll admit, my point in no way addresses yours -- how often are officers adhering the the specific legal standard?
I'm really not sure how often officers violate the standard; it wouldn't shock me if it were frequent
But when they do, courts will suppress the evidence, and anything that's obtained from knowledge gained in that search ("fruit of the poisoned tree").
I trust that mechanism. And think it's likely better held in the US than literally any other country (v open to evidence to the contrary though)
Not if the violation was done in “good faith”:
Reasonable suspicion is not required for every search at a border crossing, and the Federal circuit courts are split on whether it is required for a forensic examination of a mobile phone at a border crossing. The 9th circuit has jurisdiction in this case, and has ruled that it is required.
Did Cotterman 2013 clear this up? How does are circuit courts split yet the 9th assumed jurisdiction?
So in some parts of the US, reasonable suspicion is required. In some parts, it isn't. In some parts, there is no binding precedent on the issue. It's likely that the supreme court will hear a case on the issue eventually.
(In Cotterman, it sounds like the Ninth Circuit said reasonable suspicion was required, but also decided on its own - despite it not being argued by the government - that an alert from a CBP database about Cotterman's previous conviction justified a search. Which seems reasonable to me, as a layperson, I thin.)
...and there you have it: He's done something wrong in the past, so - of course - he must be doing something bad now - forever and always!
I don't think that will discourage them to call any whim "reasonable suspicion".
What's the definition of "temporarily" in this case?
As a practical matter, more senior officials at CBP should hopefully know about their limitations and if you request counsel and stay silent then they'd likely release you.
I’ve been kicked out of a border control point in northern Vermont in February in a snowstorm after a four hour interrogation. (They sent the bus without me.)
I’ve been arrested and locked in a room for twelve hours with no food or water or medication.
I’ve been endlessly harassed and interrogated on other entries even when not exercising 5th amendment rights to silence.
In all cases they eventually let me go without charges.
They have to let you enter, but they don’t have to do it quickly or humanely.
They will use every option available to them to punish you for disobeying their commands to unlock, even if you are not legally obligated to do so.
Except the threat to put you on a "mess up with every time they fly" list.
Going to a prison somewhere in the US is 'reentry' I suppose.
Is there evidence of US citizens going to prison for the act of refusing to unlock a device at the border?
Wonder if you can sue them after for your property back.
Hold shift or some other key combination when you boot and it boots into the 'real' machine, the other OS is just a dummy with generic search history and data.
Legal / Official Source please.
...border agents told him he had no constitutional nor any legal protections, and threatened him with criminal charges should he not concede to the search.
...he was eventually allowed to leave with his belongings, the devices still locked, and no charges were pressed."
My goodness! I guess those protections did exit after all! :)
-Goons can lie to you all they want. Never budge.
-Politely refuse, and remain cordial. Stay strong mentally.
-Make sure your devices are turned off prior to even leaving for the airport.
This is the sick reality we live in.
Customs and Border Patrol operate under a special set of circumstances within ports of entry. You do not have the right to have an attorney present during the interrogation, you can have your personal belongings confiscated, you can be held without charge for up to four hours for any "reasonable" suspicion.
These same rules apply within one hundred miles of the United States border. So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.
Interesting. You'd think that "real America" was just a turn of phrase - turns out that it isn't, that there is a Real America and that it does care far more about protecting individual rights.
No, there isn't. Civil rights get trampled regularly outside the 100 mile Constitution-free zone too, just under different pretexts.
Also police are allowed to lie about anything they want during interrogations.
The latter feels like a serious problem that should get rectified.
Security may ask you to turn them back on, not to search them, but to verify that they are actual working devices, and not a bomb.
But never decrypt. If this results in you missing your flight, so be it.
Why? Is that more important to stay locked than miss granma's funeral, or more positively, 75th birthday?
If you're a security person, I suspect his recommendation would be - even though he doesn't understand IT and tech - to say you don't even understand how SSH works or can't tell the difference between encryption and hashing.
As far as the security of the data on the device is concerned, a powered-off device is equivalent to a powered-on device that hasn't been unlocked since it was powered on.
It's easy to single out the US but the reality is that most countries have pretty far reaching rules these days. E.g. the UK and Australia are hardly any safer. And forget about China, Russia, or indeed most countries with even less democratic regimes.
The bottom line is that if you are not willing to unlock your device at any of the security checkpoints you will pass on your journey, you should leave it at home or just wipe it preemptively and restore over a secure connection after you arrive. In case it does get unlocked or taken from you, consider the device burned. It may come back to you with all sorts of malware. The people doing this are not thinking you are a terrorist or a child pornographer: you are being targeted and under attack by a hostile entity. Assuming otherwise would be a mistake. Wipe it, sell it on e-bay, never use it again.
The point being: if your encrypted network traffic is captured and retained, maybe it can still be brute forced at liesure, and deduplicated for deltas only. Thus, volume is only a temporary issue, and everyone still gets to see everything eventually, and full retrospective records are still enriched, so maybe that's fine for some things, and not for others.
That would be a big story if that is the case.
I will offer a counter-narrative which is more in line with my own experience (from other places than the US):
The people who work at border control in particular in airports are bored.
They are also overstaffed and given extreme discretion over the people they patrol; most of whom are non-citizen and thus have basically no rights at all.
This leads to them doing work for the sake of showing they work, overreacting to the least of resistance and maybe even some games of entertainment.
I will definitely agree bored cops looking for stuff to do cause a lot of problems.
I think it is obvious that they profile on overall looks, race, citizen status, place of birth, travel patterns.
What he meant was the prefix for the license plate. Luckily I remembered it. I suspect he grew up in the area, but it was super weird; also, he was probably fairly bored.
people are expected to know this?
she said it was absolutely not common (which i doubt very much) and she was concerned i was coming and going because i want to stay (?!?!?!).
The downside of having big government is that it winds up being staffed with mad-with-power bureaucrats, who will mess your life up just because.
I miss the time when most techies believed in civil liberties and were wary of government. Chickens coming home to roost and all that...
This kind of thuggery seems to be getting more common.
Once the agent has your password and takes the device into their back room for an hour, you have to assume that all data has been offloaded and the device has had an undetectable rootkit added.
This gentleman's expertise is in security and encryption and now he works for Apple, a company that makes products that the US government can't always crack. He was clearly targeted in his encounter because of his current position, based on the questions they were asking. Surreptitious access to his devices is highly desirable to US intelligence services.
Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.
Seems unwise to destroy evidence. Find the rootkit, or have your employer or security researcher do so, prove it's existence, and sue the Government.
But yes, definitely get a new laptop.
It's way easier and less legally ambiguous to make people THINK you are rooting their devices than to actually do it and leave actual evidence to be found. They could even be looking for OTHER rootkits instead of installing them.
I suspect there's a lot of availability bias going on here as well - how many travelers go through the US per year versus how many of them are famous ex-CTOs that get reposted on HN?
Fact is: I don't do Facebook, nor any other Facebook product, so I'm really not able to hand over any such credentials.
With TSA/Customs you need to be truthful. If you don't have an account say so. If you have one and say you don't that's a felony.
The password to this freshly wiped device is "Orwell1984". Feel free to have a look, but all you'll find is an app called "Secure Erase Free Space". This SD card I'm carrying separately? No, you can't have the password to that. Yes, I know, you can hold it indefinitely.
I have a hard time believing that an audience that finds buying a car stressful (as is often stated in Tesla threads) is going to demonstrate assertiveness to a real authority...
There's also a good argument to be made that the search is illegal, it's important that everyone stand up for that, even if its stressful.
But that's why relying on a trusted external party, like the company you work for, to control your access to your data, is a much more effective strategy. TSA/Chinese police can threaten and bully you, but not your co-worker in a different country following company policy.
Lying in that situation would seem like a very bad idea (I'm not a US national) - I've had a few uncomfortable experiences over the years entering the US and I certainly wouldn't want to do anything that would give cause to escalate things on their side.
Doesn't sound that paranoid to me: wasn't there talk already a year ago about trying to force people to log into social media accounts when crossing the border?
He wasn't FORCED to unlock his computer, he was just detained for three hours because he wasn't. Adding technical restrictions won't stop that.
There was a case recently of a NASA scientist being hassled at the border for his phone. He initially refused on the basis that handing it over would compromise his obligations to his employer. It did not work.
Are allowed to? Maybe, maybe not. Will do anyway? Probably yes.
You don't have to specify that you consider customs agents thieves, that's just up to you if you wanna put that lil' spin on it.
(But for real, this seems to me to be a bulletproof way to both make sure TSA can't access data on your device AND make sure you get pulled aside "randomly" for an extra-long questioning session.)
Deniable encryption can actually be very dangerous for people who are detained in places where torture is used. Even if you unlock your device, law enforcement have no proof that you have unlocked your real profile. This is relevant to countries where people can be detained for not unlocking their devices, like Australia.
Aside: don't use TrueCrypt anymore for other reasons.
Common mix up, but the agency in question is CBP, not TSA.